author | robiscool <robrob2626@yahoo.com> | 2009-12-30 00:51:05 -0800 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2009-12-30 00:51:38 -0800 |
commit | d0f804ddd88b5687ae471a20da7b2726390ae97f (patch) | |
tree | b1914e4ecd4dd54ab2f52026494ab4d370e63ebb /config/snort-dev | |
parent | b942041662c8cdc0cc6b676b9f4402e2861e00ca (diff) | |
download | pfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.tar.gz pfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.tar.bz2 pfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.zip |
snort-dev, add filtering for corrupted alerts file
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 2 | ||||
-rw-r--r-- | config/snort-dev/snort_alerts.php | 20 | ||||
-rw-r--r-- | config/snort-dev/snort_blocked.php | 44 | ||||
-rw-r--r-- | config/snort-dev/snort_rules.php | 92 |
4 files changed, 99 insertions, 59 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index bae2c384..db7bbc27 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -1463,7 +1463,7 @@ preprocessor http_inspect_server: server default \
 chunk_length 500000 \
 bare_byte yes \
 double_decode yes \
- iis_unicode yes \
+ iis_unicode no \
 iis_delimiter no \
 multi_slash no
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index a9e002f8..bbfd214c 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -431,17 +431,23 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
 {
 $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
 }else{
- $alerts_array = array_reverse(split("\n", file_get_contents('/var/log/snort/alert')));
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
 }
+
+
+if (is_array($alerts_array))
+{
+ $counter = 0;
 foreach($alerts_array as $fileline) {
+ if($logent <= $counter) continue;
- + $counter++;
- + /* Date */
 $alert_date_str = get_snort_alert_date($fileline);
@@ -573,7 +579,9 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
 }
 /* NOTE: using one echo improves performance by 2x */
- echo "<tr id=\"{$counter}\">
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
 <td class=\"centerAlign\">{$counter}</td>
 <td class=\"centerAlign\">{$alert_priority}</td>
 <td class=\"centerAlign\">{$alert_proto}</td>
@@ -586,7 +594,8 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
 <td class=\"centerAlign\">{$alert_dst_p}</td>
 <td class=\"centerAlign\">{$alert_sid}</td>
 <td>{$alert_date}</td>
- </tr>\n";
+ </tr>\n";
+ }
 // <script type="text/javascript">
 // var myTable = {};
@@ -596,6 +605,7 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
 // </script>
 }
+}
 ?>
 </tbody>
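Review bot: The change `- iis_unicode yes` → `+ iis_unicode no` in the http_inspect_server block switches off the preprocessor's IIS Unicode codepoint mapping, so request URIs using that encoding are no longer normalised before HTTP rules are matched, which reduces detection coverage (as I recall the Snort manual advises keeping it on because the encoding is seen mainly in attack and evasion attempts), and nothing in the commit message, which is about filtering a corrupted alerts file, explains it. If the goal was to quiet noisy http_inspect (GID 119) events for that encoding, keep `iis_unicode yes` and add the specific event to the suppress list instead, or at minimum record the reason above the line, e.g. `# iis_unicode disabled on purpose: <reason>; note this lowers HTTP evasion coverage`. The preprocessor definition this line belongs to starts before and ends after the hunk.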
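Review bot: The new `if (is_array($alerts_array))` guard can never be false, because `array_reverse()` always returns an array, while the condition that really breaks the page — `file_get_contents('/var/log/snort/alert')` returning `false` when the file is missing or unreadable — is unhandled and prints a PHP warning into the HTML before the guard is reached. I would read the file once behind a readability check, `$alert_file = '/var/log/snort/alert';` / `$alert_raw = is_readable($alert_file) ? file_get_contents($alert_file) : '';`, feed `$alert_raw` to both branches, and replace the deprecated `split()` with `explode("\n", $alert_raw)` while there. Note also that the whole alert file is loaded into memory on every page view and the loop uses `continue` rather than `break` once `$logent` is reached, so a large alert file still costs a full pass; the `foreach` body continues past this hunk.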
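Review bot: `if ($alert_disc != 'empty')` suppresses the row after `$counter++` has already run at the top of the loop (first hunk), so each corrupt entry still consumes one of the `$logent` slots and the surviving rows get non-consecutive ids — the page shows fewer alerts than the configured count. Move the increment inside the guarded block, i.e. drop the standalone `$counter++;` and begin the block with `if ($alert_disc != 'empty') {` / `$counter++;`; the `$logent <= $counter` check then limits rendered rows and `<tr id=\"{$counter}\">` keeps its 1-based numbering. Comparing against the string sentinel `'empty'` (presumably assigned by the description parser above the hunk, not visible here) also hides any alert whose message is literally "empty"; a `null`/`false` sentinel would be unambiguous. The enclosing `foreach` spans several hunks.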
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
index 06d03bd0..d4b4c2b9 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/snort_blocked.php
@@ -323,7 +323,7 @@ $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_
 $logent = $bnentries;
-if ($blocked_ips_array[0] != '')
+if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
 {
 /* build the list and compare blocks to alerts */
@@ -335,10 +335,21 @@ if ($blocked_ips_array[0] != '')
 $alert_ip_src = get_snort_alert_ip_src($fileline);
 $alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
- if (in_array("$alert_ip_src", $blocked_ips_array))
- $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ {
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+ }
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
 }
 /* reduce double occurrences */
@@ -374,7 +385,6 @@ if ($blocked_ips_array[0] != '')
 $alert_block_disc = 'empty';
 }
- /* use one echo to do the magic*/
 echo "<tr>
 <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
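Review bot: The new condition still tests `$blocked_ips_array[0]`, but the array is built with `array_filter()` (visible in the hunk header), which preserves keys, so when the first line of the blocked-IP list is blank index 0 does not exist: the check fails with an undefined-offset notice and a non-empty block table is reported as having nothing blocked. The added `$alerts_array[0] != ''` has the same shape and will additionally raise a notice if `$alerts_array` is undefined or `false` in this file (how it is built here is not visible). Replace both with emptiness checks, `if (!empty($blocked_ips_array) && !empty($alerts_array))`, and mirror that in the `$blocked_ips_array[0] == ''` footer test later in the file.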
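Review bot: `"[N\A]\n"` uses a backslash — `\A` is not a PHP escape sequence, so the literal text `N\A` ends up in the description column — while the else-branch added in the following hunk writes `'N/A'`; the two should agree, `$input[] = "[$alert_block_ip] " . "[N/A]\n";`. The loop also calls `get_snort_alert_ip_src($fileline)` a second time to fill `$alert_ip_src_array[]` when `$alert_ip_src` already holds that value two lines earlier, so `$alert_ip_src_array[] = $alert_ip_src;` is cheaper and cannot diverge from what is compared. The enclosing `foreach` over `$alerts_array` begins above the hunk.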
@@ -385,13 +395,37 @@ if ($blocked_ips_array[0] != '')
 </tr>\n";
 }
+
+}else{
+
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td> {$counter2}</td>
+ <td> {$alert_block_ip}</td>
+ <td> {$alert_block_disc}</td>
+ </tr>\n";
+ }
 }
 if ($blocked_ips_array[0] == '')
 {
 echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
 }else{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
 }
 ?>
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index bc2f481d..ae3fca62 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
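Review bot: The footer now prints `{$counter2} items listed`, but `$counter2` is only initialised and incremented inside the new else-branch; when alerts exist the if-branch (whose loop lies above this hunk, not visible) still counts with `$counter`, so on that path the footer prints ` items listed.` with an undefined-variable notice. Initialise `$counter2 = 0;` before the `if ($blocked_ips_array[0] != '' && ...)` and increment it in both branches, or keep the old `{$counter}` and set `$counter = $counter2;` at the end of the else-branch. Separately, the copied delete link `snort_blocked.php?todelete=<ip>` performs a state change (unblocking an address) on a GET request with no anti-CSRF token visible, so any page the firewall admin visits can trigger it with an `<img>` tag; unless the `todelete` handler validates a token elsewhere, this should become a POST form carrying one.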
@@ -577,56 +577,55 @@ function popup(url)
 if (strstr($tempstring, 'msg:"')) $message = get_middle($tempstring, 'msg:"', '";', 0);
- echo "<tr>";
- echo "<td class=\"listt\">";
- echo $textss;
+ echo "<tr>
+ <td class=\"listt\">
+ $textss\n";
 ?>
- <a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false) ">
+ <a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a>
+ <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)">
 <?php
- echo $textse;
- echo "</td>";
-
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $sid;
- echo $textse;
- echo "</td>";
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $protocol;
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $sid
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $protocol";
+ ?>
+ <?php
 $printcounter++;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source_port;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination_port;
- echo $textse;
- echo "</td>";
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source_port
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination_port
+ $textse
+ </td>";
 ?> <td class="listbg"><font color="white"> <?php
- echo $textss;
- echo $message;
- echo $textse;
- echo "</td>";
+ echo "$textss
+ $message
+ $textse
+ </td>";
 ?> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1">
@@ -639,10 +638,7 @@ function popup(url) <?php } }
- echo " ";
- echo "There are ";
- echo $printcounter;
- echo " rules in this category. <br><br>";
+ echo " There are $printcounter rules in this category. <br><br>";
 ?> </table> </td> |
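Review bot: The rewritten toggle link `<a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>">` still interpolates `$file` and `$id` into an HTML attribute unescaped; if `$file` comes from the request's `openruleset` parameter as the link itself implies (its assignment is above the hunk, not visible), a crafted value can close the attribute and inject script into the firewall admin's session. Emit them as `<?=urlencode($file);?>` and `<?=urlencode($id);?>` (and `&amp;` between the parameters), which also fixes the URL for filenames containing spaces or `&`. The rule fields folded into the new multi-line echo — `$message`, `$source`, `$destination` and the two ports — are likewise written raw; they come from rule files rather than packets, so the exposure is lower, but wrapping each in `htmlspecialchars()` costs nothing. The enclosing `<?php` loop begins before the hunk.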